[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 17 20:10:40 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2880cad9 by security tracker role at 2019-12-17T20:10:30Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,495 @@
+CVE-2020-3824
+ RESERVED
+CVE-2020-3823
+ RESERVED
+CVE-2020-3822
+ RESERVED
+CVE-2020-3821
+ RESERVED
+CVE-2020-3820
+ RESERVED
+CVE-2020-3819
+ RESERVED
+CVE-2020-3818
+ RESERVED
+CVE-2020-3817
+ RESERVED
+CVE-2020-3816
+ RESERVED
+CVE-2020-3815
+ RESERVED
+CVE-2020-3814
+ RESERVED
+CVE-2020-3813
+ RESERVED
+CVE-2020-3812
+ RESERVED
+CVE-2020-3811
+ RESERVED
+CVE-2020-3810
+ RESERVED
+CVE-2020-3809
+ RESERVED
+CVE-2020-3808
+ RESERVED
+CVE-2020-3807
+ RESERVED
+CVE-2020-3806
+ RESERVED
+CVE-2020-3805
+ RESERVED
+CVE-2020-3804
+ RESERVED
+CVE-2020-3803
+ RESERVED
+CVE-2020-3802
+ RESERVED
+CVE-2020-3801
+ RESERVED
+CVE-2020-3800
+ RESERVED
+CVE-2020-3799
+ RESERVED
+CVE-2020-3798
+ RESERVED
+CVE-2020-3797
+ RESERVED
+CVE-2020-3796
+ RESERVED
+CVE-2020-3795
+ RESERVED
+CVE-2020-3794
+ RESERVED
+CVE-2020-3793
+ RESERVED
+CVE-2020-3792
+ RESERVED
+CVE-2020-3791
+ RESERVED
+CVE-2020-3790
+ RESERVED
+CVE-2020-3789
+ RESERVED
+CVE-2020-3788
+ RESERVED
+CVE-2020-3787
+ RESERVED
+CVE-2020-3786
+ RESERVED
+CVE-2020-3785
+ RESERVED
+CVE-2020-3784
+ RESERVED
+CVE-2020-3783
+ RESERVED
+CVE-2020-3782
+ RESERVED
+CVE-2020-3781
+ RESERVED
+CVE-2020-3780
+ RESERVED
+CVE-2020-3779
+ RESERVED
+CVE-2020-3778
+ RESERVED
+CVE-2020-3777
+ RESERVED
+CVE-2020-3776
+ RESERVED
+CVE-2020-3775
+ RESERVED
+CVE-2020-3774
+ RESERVED
+CVE-2020-3773
+ RESERVED
+CVE-2020-3772
+ RESERVED
+CVE-2020-3771
+ RESERVED
+CVE-2020-3770
+ RESERVED
+CVE-2020-3769
+ RESERVED
+CVE-2020-3768
+ RESERVED
+CVE-2020-3767
+ RESERVED
+CVE-2020-3766
+ RESERVED
+CVE-2020-3765
+ RESERVED
+CVE-2020-3764
+ RESERVED
+CVE-2020-3763
+ RESERVED
+CVE-2020-3762
+ RESERVED
+CVE-2020-3761
+ RESERVED
+CVE-2020-3760
+ RESERVED
+CVE-2020-3759
+ RESERVED
+CVE-2020-3758
+ RESERVED
+CVE-2020-3757
+ RESERVED
+CVE-2020-3756
+ RESERVED
+CVE-2020-3755
+ RESERVED
+CVE-2020-3754
+ RESERVED
+CVE-2020-3753
+ RESERVED
+CVE-2020-3752
+ RESERVED
+CVE-2020-3751
+ RESERVED
+CVE-2020-3750
+ RESERVED
+CVE-2020-3749
+ RESERVED
+CVE-2020-3748
+ RESERVED
+CVE-2020-3747
+ RESERVED
+CVE-2020-3746
+ RESERVED
+CVE-2020-3745
+ RESERVED
+CVE-2020-3744
+ RESERVED
+CVE-2020-3743
+ RESERVED
+CVE-2020-3742
+ RESERVED
+CVE-2020-3741
+ RESERVED
+CVE-2020-3740
+ RESERVED
+CVE-2020-3739
+ RESERVED
+CVE-2020-3738
+ RESERVED
+CVE-2020-3737
+ RESERVED
+CVE-2020-3736
+ RESERVED
+CVE-2020-3735
+ RESERVED
+CVE-2020-3734
+ RESERVED
+CVE-2020-3733
+ RESERVED
+CVE-2020-3732
+ RESERVED
+CVE-2020-3731
+ RESERVED
+CVE-2020-3730
+ RESERVED
+CVE-2020-3729
+ RESERVED
+CVE-2020-3728
+ RESERVED
+CVE-2020-3727
+ RESERVED
+CVE-2020-3726
+ RESERVED
+CVE-2020-3725
+ RESERVED
+CVE-2020-3724
+ RESERVED
+CVE-2020-3723
+ RESERVED
+CVE-2020-3722
+ RESERVED
+CVE-2020-3721
+ RESERVED
+CVE-2020-3720
+ RESERVED
+CVE-2020-3719
+ RESERVED
+CVE-2020-3718
+ RESERVED
+CVE-2020-3717
+ RESERVED
+CVE-2020-3716
+ RESERVED
+CVE-2020-3715
+ RESERVED
+CVE-2020-3714
+ RESERVED
+CVE-2020-3713
+ RESERVED
+CVE-2020-3712
+ RESERVED
+CVE-2020-3711
+ RESERVED
+CVE-2020-3710
+ RESERVED
+CVE-2020-3709
+ RESERVED
+CVE-2020-3708
+ RESERVED
+CVE-2020-3707
+ RESERVED
+CVE-2020-3706
+ RESERVED
+CVE-2020-3705
+ RESERVED
+CVE-2020-3704
+ RESERVED
+CVE-2020-3703
+ RESERVED
+CVE-2020-3702
+ RESERVED
+CVE-2020-3701
+ RESERVED
+CVE-2020-3700
+ RESERVED
+CVE-2020-3699
+ RESERVED
+CVE-2020-3698
+ RESERVED
+CVE-2020-3697
+ RESERVED
+CVE-2020-3696
+ RESERVED
+CVE-2020-3695
+ RESERVED
+CVE-2020-3694
+ RESERVED
+CVE-2020-3693
+ RESERVED
+CVE-2020-3692
+ RESERVED
+CVE-2020-3691
+ RESERVED
+CVE-2020-3690
+ RESERVED
+CVE-2020-3689
+ RESERVED
+CVE-2020-3688
+ RESERVED
+CVE-2020-3687
+ RESERVED
+CVE-2020-3686
+ RESERVED
+CVE-2020-3685
+ RESERVED
+CVE-2020-3684
+ RESERVED
+CVE-2020-3683
+ RESERVED
+CVE-2020-3682
+ RESERVED
+CVE-2020-3681
+ RESERVED
+CVE-2020-3680
+ RESERVED
+CVE-2020-3679
+ RESERVED
+CVE-2020-3678
+ RESERVED
+CVE-2020-3677
+ RESERVED
+CVE-2020-3676
+ RESERVED
+CVE-2020-3675
+ RESERVED
+CVE-2020-3674
+ RESERVED
+CVE-2020-3673
+ RESERVED
+CVE-2020-3672
+ RESERVED
+CVE-2020-3671
+ RESERVED
+CVE-2020-3670
+ RESERVED
+CVE-2020-3669
+ RESERVED
+CVE-2020-3668
+ RESERVED
+CVE-2020-3667
+ RESERVED
+CVE-2020-3666
+ RESERVED
+CVE-2020-3665
+ RESERVED
+CVE-2020-3664
+ RESERVED
+CVE-2020-3663
+ RESERVED
+CVE-2020-3662
+ RESERVED
+CVE-2020-3661
+ RESERVED
+CVE-2020-3660
+ RESERVED
+CVE-2020-3659
+ RESERVED
+CVE-2020-3658
+ RESERVED
+CVE-2020-3657
+ RESERVED
+CVE-2020-3656
+ RESERVED
+CVE-2020-3655
+ RESERVED
+CVE-2020-3654
+ RESERVED
+CVE-2020-3653
+ RESERVED
+CVE-2020-3652
+ RESERVED
+CVE-2020-3651
+ RESERVED
+CVE-2020-3650
+ RESERVED
+CVE-2020-3649
+ RESERVED
+CVE-2020-3648
+ RESERVED
+CVE-2020-3647
+ RESERVED
+CVE-2020-3646
+ RESERVED
+CVE-2020-3645
+ RESERVED
+CVE-2020-3644
+ RESERVED
+CVE-2020-3643
+ RESERVED
+CVE-2020-3642
+ RESERVED
+CVE-2020-3641
+ RESERVED
+CVE-2020-3640
+ RESERVED
+CVE-2020-3639
+ RESERVED
+CVE-2020-3638
+ RESERVED
+CVE-2020-3637
+ RESERVED
+CVE-2020-3636
+ RESERVED
+CVE-2020-3635
+ RESERVED
+CVE-2020-3634
+ RESERVED
+CVE-2020-3633
+ RESERVED
+CVE-2020-3632
+ RESERVED
+CVE-2020-3631
+ RESERVED
+CVE-2020-3630
+ RESERVED
+CVE-2020-3629
+ RESERVED
+CVE-2020-3628
+ RESERVED
+CVE-2020-3627
+ RESERVED
+CVE-2020-3626
+ RESERVED
+CVE-2020-3625
+ RESERVED
+CVE-2020-3624
+ RESERVED
+CVE-2020-3623
+ RESERVED
+CVE-2020-3622
+ RESERVED
+CVE-2020-3621
+ RESERVED
+CVE-2020-3620
+ RESERVED
+CVE-2020-3619
+ RESERVED
+CVE-2020-3618
+ RESERVED
+CVE-2020-3617
+ RESERVED
+CVE-2020-3616
+ RESERVED
+CVE-2020-3615
+ RESERVED
+CVE-2020-3614
+ RESERVED
+CVE-2020-3613
+ RESERVED
+CVE-2020-3612
+ RESERVED
+CVE-2020-3611
+ RESERVED
+CVE-2020-3610
+ RESERVED
+CVE-2019-19864
+ RESERVED
+CVE-2019-19863
+ RESERVED
+CVE-2019-19862
+ RESERVED
+CVE-2019-19861
+ RESERVED
+CVE-2019-19860
+ RESERVED
+CVE-2019-19859
+ RESERVED
+CVE-2019-19858
+ RESERVED
+CVE-2019-19857
+ RESERVED
+CVE-2019-19856
+ RESERVED
+CVE-2019-19855
+ RESERVED
+CVE-2019-19854
+ RESERVED
+CVE-2019-19853
+ RESERVED
+CVE-2019-19852
+ RESERVED
+CVE-2019-19851
+ RESERVED
+CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
+ TODO: check
+CVE-2019-19849 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
+ TODO: check
+CVE-2019-19848 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
+ TODO: check
+CVE-2019-19847 (Libspiro through 20190731 has a stack-based buffer overflow in the spi ...)
+ TODO: check
+CVE-2019-19846
+ RESERVED
+CVE-2019-19845
+ RESERVED
+CVE-2019-19844
+ RESERVED
+CVE-2019-19843
+ RESERVED
+CVE-2019-19842
+ RESERVED
+CVE-2019-19841
+ RESERVED
+CVE-2019-19840
+ RESERVED
+CVE-2019-19839
+ RESERVED
+CVE-2019-19838
+ RESERVED
+CVE-2019-19837
+ RESERVED
+CVE-2019-19836
+ RESERVED
+CVE-2019-19835
+ RESERVED
+CVE-2019-19834
+ RESERVED
CVE-2019-XXXX [several vulnerabilities fixed in WordPress 5.3.1]
- wordpress <unfixed> (bug #946905)
NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
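Review bot: the four new non-RESERVED entries at the end of this hunk, CVE-2019-19850, CVE-2019-19849 and CVE-2019-19848 (TYPO3 before 8.7.30 and 9.x before 9.5.12) and CVE-2019-19847 (Libspiro through 20190731, stack-based buffer overflow), are left at `TODO: check`; each needs either a source-package line with a fixed version (or `<unfixed>`, as the wordpress entry just below does) or a `NOT-FOR-US:` line before the next automatic update buries them under more RESERVED placeholders. The Libspiro one is a memory-safety bug in a library and is the one to triage first.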
@@ -1213,8 +1705,8 @@ CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentati
- transfig <removed> (unimportant)
NOTE: https://sourceforge.net/p/mcj/tickets/57/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3065abc7b4f740ed6532322843531317de782a26/
-CVE-2019-19745
- RESERVED
+CVE-2019-19745 (Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end u ...)
+ TODO: check
CVE-2019-19744
RESERVED
CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a root(admi ...)
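Review bot: CVE-2019-19745 (Contao 4.0 through 4.8.5, PHP local file inclusion reachable by a back end user) stays at `TODO: check`; the same Contao 4.8.5 batch contributes CVE-2019-19714 and CVE-2019-19712 further down in this diff, also at `TODO: check`, so the three should be triaged together and given one consistent disposition rather than being resolved piecemeal.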
@@ -2489,12 +2981,12 @@ CVE-2019-19716
RESERVED
CVE-2019-19715
RESERVED
-CVE-2019-19714
- RESERVED
+CVE-2019-19714 (Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It ...)
+ TODO: check
CVE-2019-19713
RESERVED
-CVE-2019-19712
- RESERVED
+CVE-2019-19712 (Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can ...)
+ TODO: check
CVE-2019-19711
RESERVED
CVE-2019-19710
@@ -2618,8 +3110,8 @@ CVE-2019-19677
RESERVED
CVE-2019-19676
RESERVED
-CVE-2019-19675
- RESERVED
+CVE-2019-19675 (In Ivanti Workspace Control before 10.3.180.0. a locally authenticated ...)
+ TODO: check
CVE-2019-19674
RESERVED
CVE-2019-19673
@@ -2721,8 +3213,8 @@ CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a heap-based
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/103
-CVE-2019-19634
- RESERVED
+CVE-2019-19634 (class.upload.php in verot.net class.upload through 1.0.3 and 2.x throu ...)
+ TODO: check
CVE-2019-19633
RESERVED
CVE-2019-19632
@@ -4290,8 +4782,8 @@ CVE-2019-19499
RESERVED
CVE-2019-19498
RESERVED
-CVE-2019-19497
- RESERVED
+CVE-2019-19497 (MDaemon Email Server 17.5.1 allows XSS via the filename of an attachme ...)
+ TODO: check
CVE-2019-19496 (Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTM ...)
NOT-FOR-US: Alfresco
CVE-2019-19495
@@ -5095,8 +5587,8 @@ CVE-2019-19317 (lookupName in resolve.c in SQLite 3.30.1 omits bits from the col
NOTE: Additional testcases: https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3
CVE-2019-19316 (When using the Azure backend with a shared access signature (SAS), Ter ...)
NOT-FOR-US: Terraform
-CVE-2019-19315
- RESERVED
+CVE-2019-19315 (NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitr ...)
+ TODO: check
CVE-2019-19314 [Tokens stored in plaintext]
RESERVED
- gitlab <not-affected> (Only affects Gitlab EE)
@@ -5258,8 +5750,8 @@ CVE-2019-19266
RESERVED
CVE-2019-19265
RESERVED
-CVE-2019-19264
- RESERVED
+CVE-2019-19264 (In Simplifile RecordFusion through 2019-11-25, the logs and hist param ...)
+ TODO: check
CVE-2019-19263 [Tags pushes from blocked users]
RESERVED
- gitlab <not-affected> (Only affects Gitlab EE)
@@ -5347,8 +5839,8 @@ CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by th
- sqlite3 <unfixed>
[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
-CVE-2019-19241
- RESERVED
+CVE-2019-19241 (In the Linux kernel before 5.4.2, the io_uring feature leads to reques ...)
+ TODO: check
CVE-2019-19240 (Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests wit ...)
NOT-FOR-US: Embedthis GoAhead
CVE-2019-19239
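Review bot: CVE-2019-19241 (Linux kernel before 5.4.2, io_uring) should not sit at `TODO: check`: unlike most other TODO entries in this update it concerns a package Debian ships, so it needs a `- linux <version>` line, or `<not-affected>` with a reason if the affected io_uring code is absent from the packaged kernels, in the style of the `[jessie] - sqlite3 <not-affected> (Vulnerable code not present)` line just above, plus the upstream fix as a NOTE.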
@@ -6071,8 +6563,8 @@ CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the directory
NOT-FOR-US: Nitro Pro
CVE-2019-18957 (Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has r ...)
NOT-FOR-US: Microstrategy Library
-CVE-2019-18956
- RESERVED
+CVE-2019-18956 (Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 an ...)
+ TODO: check
CVE-2019-18955
RESERVED
CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. A malici ...)
@@ -6368,26 +6860,26 @@ CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on som
NOTE: https://github.com/matrix-org/synapse/releases/tag/v1.5.0
CVE-2019-18834
RESERVED
-CVE-2019-18833
- RESERVED
-CVE-2019-18832
- RESERVED
+CVE-2019-18833 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...)
+ TODO: check
+CVE-2019-18832 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrec ...)
+ TODO: check
CVE-2019-18831 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18830 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Comm ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
-CVE-2019-18829
- RESERVED
+CVE-2019-18829 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Missing ...)
+ TODO: check
CVE-2019-18828 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insuffic ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18827 (On Barco ClickShare Button R9861500D01 devices (before firmware versio ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18826 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
-CVE-2019-18825
- RESERVED
-CVE-2019-18824
- RESERVED
+CVE-2019-18825 (Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 device ...)
+ TODO: check
+CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Missing ...)
+ TODO: check
CVE-2019-18823
RESERVED
CVE-2019-18822
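Review bot: the five new Barco entries (CVE-2019-18833, -18832, -18829, -18825, -18824) are left at `TODO: check` while their siblings in the same hunk (CVE-2019-18831, -18830, -18828, -18827, -18826) already carry `NOT-FOR-US: Barco ClickShare Button R9861500D01 devices`; the four Button entries should get the identical string, and CVE-2019-18825, which is about the ClickShare Huddle CS-100 and CSE-200 devices rather than the Button, needs its own `NOT-FOR-US:` text so it is not mislabelled by copy-paste.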
@@ -8948,8 +9440,8 @@ CVE-2019-18672 (Insufficient checks in the finite state machine of the ShapeShif
NOT-FOR-US: ShapeShift
CVE-2019-18671 (Insufficient checks in the USB packet handling of the ShapeShift KeepK ...)
NOT-FOR-US: ShapeShift
-CVE-2019-18670
- RESERVED
+CVE-2019-18670 (In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2 ...)
+ TODO: check
CVE-2019-18669
RESERVED
CVE-2019-18668 (An issue was discovered in the Currency Switcher addon before 2.11.2 f ...)
@@ -15234,88 +15726,61 @@ CVE-2019-16578
RESERVED
CVE-2019-16577
RESERVED
-CVE-2019-16576
- RESERVED
+CVE-2019-16576 (A missing permission check in Jenkins Alauda Kubernetes Suport Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16575
- RESERVED
+CVE-2019-16575 (A cross-site request forgery vulnerability in Jenkins Alauda Kubernete ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16574
- RESERVED
+CVE-2019-16574 (A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16573
- RESERVED
+CVE-2019-16573 (A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16572
- RESERVED
+CVE-2019-16572 (Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16571
- RESERVED
+CVE-2019-16571 (A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16570
- RESERVED
+CVE-2019-16570 (A cross-site request forgery vulnerability in Jenkins RapidDeploy Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16569
- RESERVED
+CVE-2019-16569 (A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16568
- RESERVED
+CVE-2019-16568 (Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously confi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16567
- RESERVED
+CVE-2019-16567 (A missing permission check in Jenkins Team Concert Plugin 1.3.0 and ea ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16566
- RESERVED
+CVE-2019-16566 (A missing permission check in Jenkins Team Concert Plugin 1.3.0 and ea ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16565
- RESERVED
+CVE-2019-16565 (A cross-site request forgery vulnerability in Jenkins Team Concert Plu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16564
- RESERVED
+CVE-2019-16564 (Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escap ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16563
- RESERVED
+CVE-2019-16563 (Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16562
- RESERVED
+CVE-2019-16562 (Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the des ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16561
- RESERVED
+CVE-2019-16561 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16560
- RESERVED
+CVE-2019-16560 (A cross-site request forgery vulnerability in Jenkins WebSphere Deploy ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16559
- RESERVED
+CVE-2019-16559 (A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16558
- RESERVED
+CVE-2019-16558 (Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16557
- RESERVED
+CVE-2019-16557 (Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16556
- RESERVED
+CVE-2019-16556 (Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypte ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16555
- RESERVED
-CVE-2019-16554
- RESERVED
+CVE-2019-16555 (A user-supplied regular expression in Jenkins Build Failure Analyzer P ...)
+ TODO: check
+CVE-2019-16554 (A missing permission check in Jenkins Build Failure Analyzer Plugin 1. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16553
- RESERVED
+CVE-2019-16553 (A cross-site request forgery vulnerability in Jenkins Build Failure An ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16552
- RESERVED
+CVE-2019-16552 (A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16551
- RESERVED
+CVE-2019-16551 (A cross-site request forgery vulnerability in Jenkins Gerrit Trigger P ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16550
- RESERVED
+CVE-2019-16550 (A cross-site request forgery vulnerability in a connection test form m ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-16549
- RESERVED
+CVE-2019-16549 (Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-16548 (A cross-site request forgery vulnerability in Jenkins Google Compute E ...)
NOT-FOR-US: Jenkins plugin
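Review bot: CVE-2019-16555 (user-supplied regular expression in Jenkins Build Failure Analyzer Plugin) is the only entry in this block of Jenkins plugin CVEs left at `TODO: check`; its neighbours CVE-2019-16554 and CVE-2019-16553 for the same plugin are `NOT-FOR-US: Jenkins plugin`, so it should get the same line unless there is a specific reason it was held back. The `Suport` in the CVE-2019-16576 description is upstream's typo and stays as imported.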
@@ -16247,7 +16712,7 @@ CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via
CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
- {DLA-2027-1 DLA-2007-1}
+ {DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -16255,7 +16720,7 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
- {DLA-2027-1 DLA-2007-1}
+ {DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -16438,7 +16903,7 @@ CVE-2019-16203
CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
NOT-FOR-US: MISP
CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...)
- {DLA-2027-1 DLA-2007-1}
+ {DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -17407,7 +17872,7 @@ CVE-2019-15846 (Exim before 4.92.2 allows remote attackers to execute arbitrary
NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
NOTE: https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
CVE-2019-15845 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 misha ...)
- {DLA-2007-1}
+ {DSA-4587-1 DSA-4586-1 DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
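Review bot: the advisory set for CVE-2019-15845 becomes `{DSA-4587-1 DSA-4586-1 DLA-2007-1}`, whereas the three other Ruby entries touched in this diff (CVE-2019-16255, CVE-2019-16254, CVE-2019-16201) become `{DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}`; worth confirming that DLA-2027-1 genuinely does not cover CVE-2019-15845, since all four share the same ruby2.5/ruby2.3/ruby2.1 package lines.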
@@ -19095,8 +19560,8 @@ CVE-2019-15237 (Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain
NOTE: https://github.com/roundcube/roundcubemail/issues/6891
CVE-2019-15236
RESERVED
-CVE-2019-15235
- RESERVED
+CVE-2019-15235 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an att ...)
+ TODO: check
CVE-2019-15234
RESERVED
CVE-2019-15233 (The Live:Text Box macro in the Old Street Live Input Macros app before ...)
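Review bot: CVE-2019-15235 (CentOS Web Panel 0.9.8.864) stays at `TODO: check`; CVE-2019-14782, for CentOS Web Panel 0.9.8.856 onwards, is added with the same marker later in this diff, and the two should be closed out together with one disposition line.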
@@ -20427,6 +20892,7 @@ CVE-2019-14891 (A flaw was found in cri-o, as a result of all pod-related proces
CVE-2019-14890 (A vulnerability was found in Ansible Tower before 3.6.1 where an attac ...)
NOT-FOR-US: Ansible Tower
CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in version ...)
+ {DLA-2038-1}
- libssh 0.9.3-1 (bug #946548)
NOTE: https://www.libssh.org/security/advisories/CVE-2019-14889.txt
NOTE: https://bugs.libssh.org/T181
@@ -20537,7 +21003,7 @@ CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin Re
NOT-FOR-US: Syndesis
CVE-2019-14859 [DER encoding is not being verified in signatures]
RESERVED
- {DLA-1978-1}
+ {DSA-4588-1 DLA-1978-1}
- python-ecdsa 0.13.3-1
NOTE: https://github.com/warner/python-ecdsa/issues/114
NOTE: Upstream patches:
@@ -20577,7 +21043,7 @@ CVE-2019-14854
RESERVED
NOT-FOR-US: OpenShift
CVE-2019-14853 (An error-handling flaw was found in python-ecdsa before version 0.13.3 ...)
- {DLA-1978-1}
+ {DSA-4588-1 DLA-1978-1}
- python-ecdsa 0.13.3-1
NOTE: https://github.com/warner/python-ecdsa/issues/114
NOTE: Upstream patches:
@@ -20844,8 +21310,8 @@ CVE-2019-14784 (The "CP Contact Form with PayPal" plugin before 1.2.98 for WordP
NOT-FOR-US: "CP Contact Form with PayPal" plugin for WordPress
CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...)
NOT-FOR-US: Samsung
-CVE-2019-14782
- RESERVED
+CVE-2019-14782 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8 ...)
+ TODO: check
CVE-2019-14781
RESERVED
CVE-2019-14780
@@ -126045,7 +126511,7 @@ CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the funct
NOTE: https://github.com/erikd/libsndfile/issues/318
NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...)
- {DSA-4113-1 DLA-1368-1}
+ {DSA-4113-1 DLA-2039-1 DLA-1368-1}
- libvorbis 1.3.5-4.1 (bug #876778)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
NOTE: https://github.com/xiph/vorbis/pull/34
@@ -136072,7 +136538,7 @@ CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka
NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
NOTE: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1752761
CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbi ...)
- {DSA-4113-1 DLA-1368-1}
+ {DSA-4113-1 DLA-2039-1 DLA-1368-1}
- libvorbis 1.3.5-4.1 (low; bug #870341)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
@@ -180097,6 +180563,7 @@ CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted
NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
CVE-2015-8947 (hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote atta ...)
+ {DLA-2040-1}
- harfbuzz 1.2.6-1
NOTE: https://cgit.freedesktop.org/harfbuzz/commit/?id=f96664974774bfeb237a7274f512f64aaafb201e (1.0.5)
CVE-2015-8946 (ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencr ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2880cad985f58f388165dc32cff4c611b6b59e9f